General

  • Target

    a94869345f7f1f3a1bc6cca4aa94cc7bde30dcb0bb18198567ea58cc93ba2c15

  • Size

    321KB

  • Sample

    240714-g71baszcmp

  • MD5

    a3e681364daaa68ce0177581573f483f

  • SHA1

    eefb4725622f42019e475aa26439c0cf60dc7cc2

  • SHA256

    a94869345f7f1f3a1bc6cca4aa94cc7bde30dcb0bb18198567ea58cc93ba2c15

  • SHA512

    a071ae229d39674e53cf0051bde78b792041064a90580ab4ef51c4bec8dd4e7cc19934a3249e45df20cf3bc1aa76b28ba04f954eda9767acd2aa2092c606949b

  • SSDEEP

    6144:RZABbWqsE/Ao+mv8Qv0LVmwq4FU0fNoy6oHGx1d0RjzV5Pnz63LLHBN+:PANwRo+mv8QD4+0V16oHblLPkLLhN+

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.mail.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    9b0P96R6nBreNQrU3Cte

Targets

    • Target

      a94869345f7f1f3a1bc6cca4aa94cc7bde30dcb0bb18198567ea58cc93ba2c15

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

MITRE ATT&CK Enterprise v15

Tasks